When patching applications, businesses focus first on their main, publicly-facing applications. Often, the patching initiatives do not extend beyond these initial applications, as the business may not be aware of all the applications. This leaves thousands of applications vulnerable, and creates a long-term security threat. For one client, CA Veracode analyzed more than 26,000 websites in less than 2 minutes and found multiple sites still containing the Heartbleed vulnerability.

In addition, development teams embed OpenSSL deeply into their mission-critical client-server applications, making it difficult for traditional security tools to root out and identify the library. Using data mined from CA Veracode’s cloud-based platform, CA Veracode analyzed thousands of applications and found over 12 percent were at risk of having the OpenSSL vulnerability. Unlike other services, CA Veracode uses both static and dynamic analysis techniques to quickly identify and mitigate the risk from the wide-spread OpenSSL vulnerability in all applications.

“When new vulnerabilities are identified, it is crucial for large enterprises to react quickly to mitigate the risk to their infrastructure and customers’ data. However, we recognize how difficult it can be for companies to develop an appropriate response in a timely manner,” said Bob Brennan, CEO, CA Veracode. “These offerings are meant to assist customers in their Heartbleed mitigation efforts. It is our intention that by harnessing the full power of CA Veracode’s cloud-based platform, customers are able to prevent this vulnerability from having a long-term effect on their businesses.”

CA Veracode is offering the following cloud-based services to current customers, giving them visibility into their hidden perimeter and embedded apps:

Heartbleed Web Perimeter Analysis: Through the use of CA Veracode’s massively parallel Discovery technology, CA Veracode will discover all sites in the customer’s domain, detect the use of OpenSSL in all company owned websites and produce a report identifying vulnerable websites.

About CA Veracode

Veracode, CA Technologies application security business, is a leader in helping organizations secure the software that powers their world. CA Veracode’s SaaS platform and integrated solutions help security teams and software developers find and fix security-related defects at all points in the software development lifecycle, before they can be exploited by hackers. Our complete set of offerings help customers reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost effectively secure their software assets- whether that’s software they make, buy or sell.

CA Veracode serves more than 1,400 customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog, on Twitter and in the CA Veracode Community.

Cookie Use

We use cookies to collect information to help us personalise your experience and improve the functionality and performance of our site. By continuing to use our site [without first changing your browser setting], you consent to our use of cookies. For more information see our cookies policy.